Member since 03-24-2017 | 11 Posts | 0 Kudos Received | 0 Solutions
09-05-2017 01:24 PM

Okay. I did it. There were a few problems, but this is how the final variant looks.

My docker. krb5.conf and keytab are in the same folder as my docker file. When I build the project they are added to the container and in the entrypoint I use -Djava.security.krb5.conf to provide krb5 location. There are also a few options for debugging + I connect mongo.

```dockerfile
FROM java:8
ADD report.jar report.jar
# krb5.conf and the keytab sit next to the Dockerfile and are copied into the image
ADD krb5.conf /etc/krb5.conf
ADD evkuzmin.keytab /etc/evkuzmin.keytab
RUN sh -c 'touch report.jar'
# Debug flags for TLS, SPNEGO and Kerberos, plus the krb5.conf location
ENTRYPOINT ["java","-Dspring.data.mongodb.uri=mongodb://audpro_mongo/report","-Djavax.net.debug=all","-Dsun.security.spnego.debug=true","-Dsun.security.krb5.debug=true","-Djava.security.krb5.conf=/etc/krb5.conf","-jar","/report.jar"]
```

Then I use KerberosRestTemplate to connect to webhdfs

```java
import java.net.URI;
import java.net.URISyntaxException;
import org.springframework.security.kerberos.client.KerberosRestTemplate;

public String getReportJSON() throws URISyntaxException {
    // Authenticate with the keytab copied into the image; host, port and path are fields of the class
    KerberosRestTemplate restTemplate = new KerberosRestTemplate("/etc/evkuzmin.keytab", "EvKuzmin@DOMAIN");
    URI uri = new URI("http" + "://" + host + ":" + port + "/webhdfs/v1" + path + "?op=OPEN");
    String json = restTemplate.getForObject(uri, String.class);
    return json;
}
```

If you want to run the app without docker, just build it and add the keytab to the same directory as the jar. Then change /etc/evkuzmin.keytab so it points to the new location.
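A pre-flight check that an entrypoint script could run before starting the JVM from the Dockerfile above, as an added example that is not part of the original posts: it verifies that the keytab is present, starts with the keytab magic bytes and is not readable by group or others, and that krb5.conf has an entry for the principal's realm. The function names are hypothetical; the paths and principal in the usage comment are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original posts); function names are hypothetical.

# Realm part of a principal: EvKuzmin@DOMAIN -> DOMAIN
realm_of() {
    printf '%s\n' "${1##*@}"
}

# True if the file starts with the keytab magic: 0x05, then format version 0x01 or 0x02.
is_keytab() {
    magic=$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "0502" ] || [ "$magic" = "0501" ]
}

# True if the file grants no permission bits to group or others.
is_private() {
    bits=$(ls -ln "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# True if krb5.conf ($1) contains a "REALM = {" entry for realm $2 (exact name match).
conf_has_realm() {
    awk -v r="$2" '
        { k = $0; sub(/^[ \t]+/, "", k); sub(/[ \t]*=.*/, "", k) }
        k == r && /=[ \t]*[{]/ { found = 1 }
        END { exit !found }' "$1"
}

# preflight KEYTAB PRINCIPAL KRB5_CONF: returns 0 only if every check passes.
preflight() {
    rc=0
    [ -r "$1" ] || { echo "keytab $1 is missing or unreadable" >&2; return 1; }
    [ -r "$3" ] || { echo "krb5.conf $3 is missing or unreadable" >&2; return 1; }
    is_keytab "$1" || { echo "$1 does not look like a keytab" >&2; rc=1; }
    is_private "$1" || { echo "$1 is readable by group or others" >&2; rc=1; }
    realm=$(realm_of "$2")
    conf_has_realm "$3" "$realm" || { echo "no [realms] entry for $realm in $3" >&2; rc=1; }
    return $rc
}

# Usage in an entrypoint script, with the values from the post:
#   preflight /etc/evkuzmin.keytab EvKuzmin@DOMAIN /etc/krb5.conf \
#       && exec java -Djava.security.krb5.conf=/etc/krb5.conf -jar /report.jar
```
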
09-04-2017 02:53 PM

@Geoffrey Shelton Okot
Why do I need krb5 if I already have keytab? I already pass the principal in Java. What else is there?
09-04-2017 12:45 PM

@Geoffrey Shelton Okot I followed the instructions, but had to change a few things. The net=host didn't work. Changed to network=aud_pro_net. When I tried moving krb5.conf file directly like so /etc/krb5.conf:/etc/krb5.conf, I got the error that it's not a directory, so I changed it too. The rest was left as is. In the end I initialized the keytab without problem. But the error persisted. Unable to obtain password. I added everything to the post.
09-04-2017 10:00 AM

I use spring to connect to a cluster secured with kerberos. My code

```java
// Keytab path is relative to the working directory
private KerberosRestTemplate restTemplate = new KerberosRestTemplate("evkuzmin.keytab", "EvKuzmin@REALM");

public String getReportJSON() throws URISyntaxException {
    URI uri = new URI("http" + "://" + host + ":" + port + "/webhdfs/v1" + path + "?op=OPEN");
    String json = restTemplate.getForObject(uri, String.class);
    return json;
}
```

Here I read the file and return a string. I generated keytab file and checked in CLI. It works. I checked the app itself, it also works. In fact, when I simply run the app, I don't need kerberos keytab, because I have a ticket that is automatically used for authorization. The problems start when I try to run the app in docker. If I don't use keytab, it doesn't see the ticket and I get

```
AuthenticationException:Unauthorized
```

But when I use it, it can't obtain the password. What am I doing wrong?

Edit

How I start spring

```
docker run -d --name audpro --network=aud_pro_net -p 8080:8080 --link audpro_mongo:audpro_mongo beeline/report
```

How I tried to start kerberos

```
docker run -d --network=aud_pro_net -v /kerb:/etc/ -v /dev/urandom:/dev/random --name kerberos -e BOOTSTRAP=0 sequenceiq/kerberos
```
Labels: Apache Hadoop, Docker